CVE-2024-49222
Description: Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection. This issue affects WPGuppy: from n/a through 1.1.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 8th, 2025 (3 months ago)

CVE-2024-43243
Description: Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server. This issue affects JobBoard Job listing: from n/a through 1.2.6.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 8th, 2025 (3 months ago)

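The "dangerous type" in this CVE class is almost always a `.php` file accepted by an upload handler that checks only the client-supplied filename or MIME type, if anything. The validator below is an added example for this page, not JobBoard code: it is stand-alone PHP that applies the three checks a job-application upload needs (extension allowlist on the last extension only, content sniffing with `finfo`, and a server-generated filename) and exercises them on two constructed files. The allowed types and the 5 MB limit are illustrative choices.

```php
<?php
// Added example (not JobBoard code). Stand-alone PHP >= 7.4 with the fileinfo
// extension. Validates an uploaded "resume" so that PHP source can never be
// stored under an executable name, whatever the client called it.

function validate_upload(string $tmp_path, string $client_name, int $size, int $max_bytes = 5000000): array {
    // Allowlist: extension -> MIME types libmagic reports for genuine content.
    $allowed = [
        'pdf'  => ['application/pdf'],
        'docx' => ['application/vnd.openxmlformats-officedocument.wordprocessingml.document'],
        'txt'  => ['text/plain'],
    ];
    if ($size <= 0 || $size > $max_bytes) {
        return ['ok' => false, 'reason' => 'size'];
    }
    // 1. Extension: only the LAST extension counts, lower-cased, so
    //    "shell.pdf.php" is rejected here and "shell.php.pdf" falls through to
    //    the content check rather than being trusted.
    $ext = strtolower(pathinfo(basename($client_name), PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return ['ok' => false, 'reason' => 'extension'];
    }
    // 2. Content: sniff the bytes. $_FILES[...]['type'] is attacker-controlled
    //    and must never be used for this decision.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_path);
    if (!in_array($mime, $allowed[$ext], true)) {
        return ['ok' => false, 'reason' => 'content'];
    }
    // 3. Name: discard the client name entirely. A random name defeats path
    //    tricks, overwrites of existing files, and guessable shell locations.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    return ['ok' => true, 'stored_name' => $stored, 'mime' => $mime];
}

// Constructed sample files: a minimal PDF and a PHP web shell.
$dir = sys_get_temp_dir();
$pdf = tempnam($dir, 'up');
file_put_contents($pdf, "%PDF-1.4\n1 0 obj << >> endobj\n%%EOF\n");
$php = tempnam($dir, 'up');
file_put_contents($php, "<?php system(\$_GET['c']); ?>\n");

foreach ([
    [$pdf, 'cv.pdf'],          // genuine document: accepted
    [$php, 'shell.php'],       // rejected by the extension check
    [$php, 'shell.php.pdf'],   // passes the extension check, rejected by content
    [$php, 'cv.pdf'],          // same bytes, innocent name: still rejected by content
] as [$path, $name]) {
    $r = validate_upload($path, $name, filesize($path));
    printf("%-14s -> %s\n", $name, $r['ok'] ? 'stored as ' . $r['stored_name'] : 'rejected: ' . $r['reason']);
}
unlink($pdf);
unlink($php);
```

Inside WordPress the equivalent building blocks are `wp_check_filetype_and_ext()` and `wp_handle_upload()` with a `mimes` restriction; the validator above is deliberately framework-free so the checks are visible. Whatever passes should still be written to a directory the web server will not execute scripts from, because a polyglot file (valid PDF header, PHP inside) can satisfy a content sniff.
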
CVE-2024-12470
Description: The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 8th, 2025 (3 months ago)

CVE-2024-12402
Description: The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 8th, 2025 (3 months ago)

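The two preceding entries (CVE-2024-12470 and CVE-2024-12402) share a root cause: a user-facing handler trusts the request to say who the user is or what they should become. The code below is an added example for this page, not SakolaWP or Themes Coder code. It is hypothetical plugin code that runs inside WordPress (every `example_` name is made up); each pair shows the vulnerable shape the advisories describe next to the fixed one, using only core WordPress functions.

```php
<?php
// Added example (not SakolaWP or Themes Coder code). Hypothetical plugin
// handlers that run inside WordPress; names prefixed example_ are invented.

// 1. Self-registration must not let the client choose its role.
function example_register_vulnerable(): void {
    $user_id = wp_insert_user([
        'user_login' => sanitize_user(wp_unslash($_POST['username'] ?? '')),
        'user_email' => sanitize_email(wp_unslash($_POST['email'] ?? '')),
        'user_pass'  => (string) wp_unslash($_POST['password'] ?? ''),
        'role'       => sanitize_key($_POST['role'] ?? 'subscriber'), // client sends role=administrator
    ]);
    wp_send_json(['user_id' => $user_id]);
}

function example_register_fixed(): void {
    if (!get_option('users_can_register')) {
        wp_send_json_error('registration closed', 403);
    }
    // Server-side allowlist of roles a visitor may self-assign; anything else
    // collapses to the least-privileged default. The roles are hypothetical.
    $self_assignable = ['student', 'parent'];
    $requested = sanitize_key($_POST['role'] ?? '');
    $role = in_array($requested, $self_assignable, true) ? $requested : 'subscriber';

    $user_id = wp_insert_user([
        'user_login' => sanitize_user(wp_unslash($_POST['username'] ?? ''), true),
        'user_email' => sanitize_email(wp_unslash($_POST['email'] ?? '')),
        'user_pass'  => (string) wp_unslash($_POST['password'] ?? ''),
        'role'       => $role,
    ]);
    if (is_wp_error($user_id)) {
        wp_send_json_error($user_id->get_error_message(), 400);
    }
    wp_send_json_success(['user_id' => $user_id]);
}

// 2. A password change must verify who is asking and for whom.
function example_update_profile_vulnerable(): void {
    $uid = (int) ($_POST['user_id'] ?? 0);     // attacker picks 1, usually the first admin
    wp_set_password((string) wp_unslash($_POST['password'] ?? ''), $uid);
    wp_send_json_success();
}

function example_update_profile_fixed(): void {
    check_ajax_referer('example_update_profile', 'nonce');
    $me = wp_get_current_user();
    if (!$me->exists()) {
        wp_send_json_error('login required', 401);
    }
    // The target is the caller unless the caller may edit other users.
    $target = isset($_POST['user_id']) ? (int) $_POST['user_id'] : $me->ID;
    if ($target !== $me->ID && !current_user_can('edit_user', $target)) {
        wp_send_json_error('forbidden', 403);
    }
    // Re-authenticate a self-service change so a hijacked session cannot
    // silently rotate the password.
    if ($target === $me->ID) {
        $current = (string) wp_unslash($_POST['current_password'] ?? '');
        if (!wp_check_password($current, $me->user_pass, $me->ID)) {
            wp_send_json_error('current password incorrect', 403);
        }
    }
    $new = (string) wp_unslash($_POST['password'] ?? '');
    if (strlen($new) < 12) {
        wp_send_json_error('password too short', 400);
    }
    wp_set_password($new, $target);
    wp_send_json_success();
}

// Registration is for visitors, so it gets the nopriv hook. The password
// change deliberately has no wp_ajax_nopriv_ hook: unauthenticated requests
// never reach it, which is the first half of the fix for CVE-2024-12402's class.
add_action('wp_ajax_nopriv_example_register', 'example_register_fixed');
add_action('wp_ajax_example_register', 'example_register_fixed');
add_action('wp_ajax_example_update_profile', 'example_update_profile_fixed');
```

The fixed registration handler never rejects a request for sending `role=administrator`; it simply ignores it. That is the safer design, because an allowlist you silently apply cannot be bypassed by a second parameter name or encoding that a blocklist check would miss.
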
CVE-2024-12264
Description: The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to the /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setting the user ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 8th, 2025 (3 months ago)

CVE-2024-12252
Description: The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 8th, 2025 (3 months ago)

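CVE-2024-12264 and CVE-2024-12252 are both missing-authorization bugs on an endpoint, one a REST route and one an `admin-ajax.php` action. The following is an added example for this page, not PayU CommercePro or SEO LAT Auto Post code: hypothetical plugin code that runs inside WordPress (route names, the `example_` prefix and the manifest URL are invented). For each endpoint it shows the vulnerable shape described in the advisory and the fixed one, and in the second case also moves the write out of the plugin's own code tree, since a capability check alone still leaves a self-overwriting plugin one compromised admin away from RCE.

```php
<?php
// Added example (not PayU CommercePro or SEO LAT Auto Post code). Hypothetical
// plugin code that runs inside WordPress; all example_ names and URLs are invented.

// 1. A REST route that issues a session for a user id it was handed.
add_action('rest_api_init', function (): void {
    // Vulnerable shape: public route, user id from the request body, auth
    // cookie minted for it. Anyone can become user 1.
    register_rest_route('example-vuln/v1', '/generate-user-token', [
        'methods'             => 'POST',
        'permission_callback' => '__return_true',
        'callback'            => function (WP_REST_Request $req) {
            $uid = (int) $req->get_param('user_id');
            wp_set_current_user($uid);
            wp_set_auth_cookie($uid);
            return rest_ensure_response(['ok' => true]);
        },
    ]);

    // Fixed shape: authorization lives in permission_callback and runs before
    // the callback; the callback acts only on the already-authenticated caller
    // and never creates a session for an id taken from the request.
    register_rest_route('example/v1', '/generate-user-token', [
        'methods'             => 'POST',
        'permission_callback' => function (): bool {
            return is_user_logged_in() && current_user_can('read');
        },
        'callback'            => function (WP_REST_Request $req) {
            $uid = get_current_user_id();
            // Hand back a REST nonce bound to this user's session, not a cookie.
            return rest_ensure_response(['user_id' => $uid, 'nonce' => wp_create_nonce('wp_rest')]);
        },
    ]);
});

// 2. An AJAX action that writes a file.
// Vulnerable shape: reachable unauthenticated, no nonce, no capability check,
// and it overwrites the plugin's own PHP with whatever a caller-supplied URL returns.
add_action('wp_ajax_nopriv_example_remote_update', function (): void {
    $body = wp_remote_retrieve_body(wp_remote_get((string) ($_POST['url'] ?? '')));
    file_put_contents(__DIR__ . '/example-auto-post.php', $body);
    wp_die();
});

// Fixed shape: logged-in only (no nopriv hook), nonce, capability, a fixed
// source URL rather than one from the request, and the result lands in an
// option, never in the code tree. Plugin code changes go through the core
// upgrader, not through the plugin writing itself.
const EXAMPLE_MANIFEST_URL = 'https://updates.example.invalid/manifest.json'; // hypothetical
add_action('wp_ajax_example_remote_update', function (): void {
    check_ajax_referer('example_remote_update', 'nonce');
    if (!current_user_can('update_plugins')) {
        wp_send_json_error('forbidden', 403);
    }
    $resp = wp_safe_remote_get(EXAMPLE_MANIFEST_URL, ['timeout' => 10]);
    if (is_wp_error($resp) || wp_remote_retrieve_response_code($resp) !== 200) {
        wp_send_json_error('manifest fetch failed', 502);
    }
    $manifest = json_decode(wp_remote_retrieve_body($resp), true);
    if (!is_array($manifest)) {
        wp_send_json_error('manifest is not valid JSON', 502);
    }
    update_option('example_update_manifest', $manifest, false);
    wp_send_json_success(['version' => $manifest['version'] ?? null]);
});
```

Two review heuristics fall out of this: any `register_rest_route()` whose `permission_callback` is `__return_true` needs a written justification, and any `wp_ajax_nopriv_` hook whose handler writes files, changes options or touches user accounts is a finding until proven otherwise.
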
CVE-2024-28987
Description: Hardcoded credential vulnerability in SolarWinds Web Help Desk, which lets a remote unauthenticated attacker reach internal functionality and modify data. The linked item is a scanner and exploiter for it ("CVE-2024-28987 Scanner & Exploiter - SolarWinds Web Help Desk").
CVSS: CRITICAL (9.1)
January 7th, 2025 (3 months ago)

CVE-2024-12356
Description: Command injection in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) that an unauthenticated remote attacker can use to run operating-system commands. The linked item reports that the breach was carried out by exploiting CVE-2024-12356 at BeyondTrust, a cybersecurity company, just the week before.
CVSS: CRITICAL (9.8) EPSS Score: 1.3%
January 7th, 2025 (3 months ago)

CVE-2020-2883
Description: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3; successful exploitation results in takeover of the WebLogic Server (remote code execution).
CVSS: CRITICAL (9.8)
January 7th, 2025 (3 months ago)

CVE-2025-21613
Description: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.
CVSS: CRITICAL (9.2) EPSS Score: 0.04%
January 7th, 2025 (3 months ago)

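Argument injection of the kind this advisory describes has a single shape regardless of language: a string that should be an operand (here, the repository path from a `file://` URL) begins with `-`, and the child process parses it as an option. The snippet below is an added example written for this page in the same language as the other examples here; it is not go-git code and does not describe go-git's actual patch. It shows the generic defence, which is to make the operand incapable of starting with a dash and to end option parsing with `--`. It assumes PHP 8 and a git whose `upload-pack` command uses git's parse-options machinery, which treats `--` as the end of options.

```php
<?php
// Added example (not go-git code). Stand-alone PHP >= 8.0. Builds the argv for
// git-upload-pack from a path taken out of a file:// URL, first the way that
// is injectable and then the way that is not.

// Vulnerable shape: the path is placed where git-upload-pack expects a
// directory, but a value beginning with "-" is parsed as an option instead.
function upload_pack_argv_vulnerable(string $repo_path): array {
    return ['git-upload-pack', $repo_path];
}

// Fixed shape: reject obviously bad input, give relative paths an explicit
// "./" prefix so no operand can start with "-", and put "--" in front of the
// operand so the option parser stops looking for flags.
function upload_pack_argv_fixed(string $repo_path): array {
    if ($repo_path === '' || str_contains($repo_path, "\0")) {
        throw new InvalidArgumentException('invalid repository path');
    }
    if ($repo_path[0] !== '/') {
        $repo_path = './' . $repo_path;
    }
    return ['git-upload-pack', '--', $repo_path];
}

// Constructed attacker-controlled path, as it would arrive from
// file://--some-option=value . The option name is a placeholder.
$hostile = '--some-option=value';
$benign  = 'repos/project.git';

foreach (['vulnerable' => 'upload_pack_argv_vulnerable', 'fixed' => 'upload_pack_argv_fixed'] as $label => $fn) {
    foreach ([$hostile, $benign] as $path) {
        // Element 1 is what git sees right after the program name; in the
        // vulnerable form it is the hostile string itself.
        printf("%-10s %-22s -> %s\n", $label, $path, json_encode($fn($path)));
    }
}
```

When the argv is actually executed, pass it as an array (PHP's `proc_open()` accepts one since 7.4) so no shell is involved; `escapeshellarg()` would not help here, because the problem is not shell metacharacters but the child program's own option parsing. The same check belongs on every place a URL component, branch name or ref is handed to a git subprocess.
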